“g01pack” the well-known Exploit Kit now in Fresh Version

A globally-used exploit kit ranking amongst the top 4, namely g01pack, now exudes one new trick following its previous ones, i.e. it changes the way malware gets delivered onto a contaminated computer, state researchers from security firm Trusteer.

The kit's function involves the exploitation of a Java 6 security flaw for which Oracle issued a patch during 2012. In spite of that, as also the most recent edition of Java i.e. Java 7.x is already out, a computation by Trusteer reveals that the toolkit continues to contaminate 1 Internet-connected PC out of each 3,000 per month.

As normal for exploit kits, shellcode of a tiny piece gets inserted inside a computer via security flaw exploitation. When inside memory, it fetches to load its malicious component, referred to as payload.

Payloads have malicious programs that misbehave on PCs. For instance, such shady programs are in g01pack like Torpig, ZeuS, Shylock as well as Gozi as its payloads.

Fascinatingly, the g01pack of the above version is unlike further attack toolkits as its payload is planted through a multistage assault.

According to Amit Klein, CTO of Trusteer, the assault's 1st stage, viz. the shellcode, runs the 2nd stage wherein certain Java class gets executed within some other Java process. Subsequently, the ultimate payload is downloaded and executed through the said Java process, he describes. Softpedia.com published this dated May 3, 2013.

Klein notes that the above possibly is the sole attack toolkit which employs the mentioned method for planting its payload.

When Trusteer conducted tests, it found just 8 AV engines from the total 46 spotting ,jar file of the 1st-stage as being malevolent, while just 2 AV engines detected the class file of the 2nd-stage.

Describing the advantages obtained from the kind of multistage assault, Klein stated that of all the exploit packs currently found, 'g01pack' was the most efficacious. The malware ran one drive-by download assault, which enabled unnoticed plantation of malicious software. The 'g01pack' attack toolkit, by employing the multi-staged assault, could well spread sophisticated malware bypassing already-present security products' identification, Klein added. Help Net Security published this dated May 3, 2013.